On Tuesday 21 October 2008 15:47:35 Tom Lane wrote: > Gregory Stark <[EMAIL PROTECTED]> writes: > > Sort of. SSH requires you to install the certificate of the server > > locally before connecting. If you don't it pops up a big warning and asks > > if you want to install it. On subsequent connections it looks up the key > > for the name of the host you're trying to connect to and insists it > > match. If it doesn't it pops up a *huge* error and refuses to connect. > > Um, IIRC what it's checking there is the server's key signature, which > has nada to do with certificates.
It checks the fingerprint of the server public key. And a certificate is exactly a public key with additional information that explains whose public key that is. So when you install the fingerprint sent by the SSH server in your local known_hosts, then the server public key becomes a certificate. Sort of. But it's related. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
